NOD32 deployed by Group Policy: cfg.xml contains extra data? Is it safe? How to remove?

Discussion started by t0mmyr, Jul 31, 2012.

    t0mmyr Registered Member

    Jul 31, 2012
    I'm testing a new GPO and followed the directions from here, and so far my first two tests have been excellent! However, in order to deploy this via msi + cfg.xml I placed the files in a shared namespace all domain users/systems can read, and I am concerned about the data inside the cfg.xml file I created.

    I created the original cfg.xml by using my workstation's current configuration as a base, downloaded/saved it through ERA and modified it with ESET Configuration Editor, saved a new .xml file and it works... but when I opened the xml file by itself I found 2-3 sections I was slightly concerned about:

    1: Our EAV-12345678 volume license Username is visible in plain text & our Password is a string of numbers and digits such as: "A1bj9w9wiwjfIFJASFASF8sXXx7skjdkw44w=". If everyone has read access to this file and manages to locate it on our network and opens it, can they decode and walk off with our company's username and password?

    2: There is a plugin id:

        <PLUGIN ID="1000101">
          <PROFILES>
            <NODE TYPE="SUBNODE" NAME="@My profile">

    section that looks specific to my computer system's hardware? Do I really need my tower's current USB device info on all my computer systems? Can I just remove the <plugin 1000101> section from the xml with no bad repercussions?

    3: There is another plugin id:

        <PLUGIN ID="1000200">
          <PROFILES>
            <NODE TYPE="SUBNODE" NAME="@My profile">

    that contains a bunch of trusted/untrusted toggles I don't recognize. It looks HTTP related, but what caught my attention was my own Windows 7 username directory listing a ton of .exe's I've run or had installed in the past/currently on my computer system, found under this node:
    I don't want everyone at my company being able to see a list of executable applications on my computer for any unnecessary reason. How can I remove this info?

    Marcos Eset Staff Account

    Nov 22, 2002
    It is not necessary to put a configuration xml containing your username and password in a shared folder. Just push installation with the desired configuration directly from ERA without using a separate xml file.

    The "Plugin 1000101" node belongs to real-time protection. By removing this node completely, you'll remove all real-time protection settings. Not sure what USB device information you mean as the Device control plugin has ID 1000E00.

    You can remove particular nodes to your liking. However, when deploying a configuration to network clients I would use an xml only with specific settings set / adjusted. To accomplish this, use the Configuration editor and set / adjust only the desired settings while marking them (the little square will turn blue when marked, e.g. by pressing space).
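
Added example, not part of the thread and not ESET code: a Python check to run on an exported cfg.xml before it goes onto a share every domain user can read, listing nodes that carry a license username, a password value or a per-user file path. Only PLUGIN, PROFILES, NODE, TYPE="SUBNODE" and "@My profile" come from the posts; the root element, the VALUE attribute, the leaf node names and the "PLACEHOLDER" plugin ID are assumptions, and the sample is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. Root element, VALUE attributes, leaf node names and the
# "PLACEHOLDER" plugin ID are assumptions, not the real ESET schema.
SAMPLE_CFG = r'''<ESET>
 <PLUGIN ID="1000101"><PROFILES><NODE TYPE="SUBNODE" NAME="@My profile">
  <NODE NAME="ScanOnOpen" TYPE="DWORD" VALUE="1"/>
 </NODE></PROFILES></PLUGIN>
 <PLUGIN ID="1000200"><PROFILES><NODE TYPE="SUBNODE" NAME="@My profile">
  <NODE NAME="App_1" TYPE="STRING" VALUE="C:\Users\alice\Downloads\setup.exe"/>
 </NODE></PROFILES></PLUGIN>
 <PLUGIN ID="PLACEHOLDER"><PROFILES><NODE TYPE="SUBNODE" NAME="@My profile">
  <NODE NAME="Username" TYPE="STRING" VALUE="EAV-00000000"/>
  <NODE NAME="Password" TYPE="PASSWORD" VALUE="Q09OU1RSVUNURUQ="/>
 </NODE></PROFILES></PLUGIN>
</ESET>'''

VALUE_CHECKS = [
    ("license username", re.compile(r"\bEAV-\d+\b")),
    ("per-user path", re.compile(r"[A-Za-z]:\\(?:Users|Documents and Settings)\\[^\\]+\\", re.I)),
]
SECRET_NAME = re.compile(r"pass(?:word)?|pwd", re.I)

def audit(xml_text):
    """Return (plugin_id, node_path, reason) for every node worth reviewing."""
    findings = []

    def walk(elem, plugin_id, trail):
        if elem.tag == "PLUGIN":
            plugin_id = elem.get("ID")
        name = elem.get("NAME")
        if name:
            trail = trail + [name]
        path = "/".join(trail)
        for value in elem.attrib.values():
            for reason, rx in VALUE_CHECKS:
                if rx.search(value):
                    findings.append((plugin_id, path, reason))
        # Treat any non-empty value on a password-like node as a secret.
        if name and SECRET_NAME.search(name) and elem.get("VALUE"):
            findings.append((plugin_id, path, "credential value"))
        for child in elem:
            walk(child, plugin_id, trail)

    walk(ET.fromstring(xml_text), None, [])
    return findings

if __name__ == "__main__":
    for plugin_id, path, reason in audit(SAMPLE_CFG):
        print(f"PLUGIN {plugin_id}: {path}: {reason}")
```

An empty result only means none of these three patterns matched; the file still deserves a read-through before it is published.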
